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[57] ABSTRACT 

A transaction evidencing system includes a plurality of 
computer systems operatively configured to form a network 
with one of the computer systems functioning as a server and 
the remaining computer systems functioning as clients. Each 
of the computer systems includes a processor, memory and 
storage media. At least some of the storage means includes 
non- mete ring application programs that are selectively run 
on the client computer systems. An unsecured printer is 
operatively coupled to at least one of the computer systems 
for printing in accordance with the non-metering application 
programs. A portable vault card, which is removably 
coupled to the server computer system, includes digital 
token generation and transaction accounting processing. The 
client computer systems issue requests for digital tokens to 
the server computer system in response to requests for 
indicia from the non- mete ring application programs. The 
requests for digital tokens include predetermined informa- 
tion required by the tokeD generation processing. The server 
computer system communicates with the vault card when 
the vault card is coupled to the server computer system, 
sending the requests for digital tokens to the vault card and 
receiving from the vault card the generated digital tokens. 
The server computer system sends each digital token to the 
client computer system that requested the digital token. The 
requesting client computer system generates an indicia bit- 
map from the digital token. The server computer system 
receives from the vault a transaction record that includes the 
digital token and the predetermined information and stores 
the transaction record in its storage media. 

15 Claims, 8 Drawing Sheets 
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NETWORK OPEN METERING SYSTEM revenue block is an image printed on a mail piece thai 

includes the digital token used to provide evidence of 

RELATED APPLICATIONS postage payment. The Postal Data may be printed both in 

_ encrypted and unencrypted form in the postal revenue block. 

The present application is related to the fo owuig U.S. , posta , Dm as aQ ■ { ^ , Di ^ tal TokeQ T{aos{ot . 

patent applications Ser. ^8^08/575406 now U.S. Pat. No. mation wMch ^ a transformation computation 

5,625 694 ^ued on Apr. 29 1997, 08/575 107; now U.S. mat utilizes k tQ duce di ^ al ^ Results of 

Pat No. 5 781,438 issued on Jul. 14 1998; 08/574 746; now ^ Dtf d TokeQ Transfor mation, & digital toket)S> are 

U S. Pat. No 5 835^04 issued on No Vj 10, 1998; 08/574, availa & 0Q , aftef comp i elion of the hunting 
745;nowU.S. Pat. No. 5,742,683 issued on Apr. 21,1998; IN> . , / ., " . . . . . . . 

08/575,110; 08/574,743; now U.S. Pat. No. 5,793,867 issued 10 . Dl g" al toke ° s ate utm * d 10 ^ °P CD ? nd closcd me,e l r - 

on Aug. 11, 1998; 08/575,112; 08/575,104; now U.S. Pat. »» 7f m \ Howcver - f ? r °P e » me . te . nD £ s y s « ems ' f he 

No. 5,835,689 issued on Nov. 10, 1998; 08/574,749; now ?°n-dedicated printer may be used to pnnt other information 

U.S. Pat. No. 5,590,198 issued on Dec. 31, 1996, and m addition to the postal revenue block and may be used in 

08/575,111 now abandoned, each filed concurrently ■g™* ° ther thaD P os,a g e eyeing In an open system 

herewith, and assigned to the assignee of the present inven- 15 PED, addressee information is mcluded m the Postal Data 

t j which is used in the generation of the digital tokens. Such 

use of the addressee information creates a secure link 

FIELD OF THE INVENTION between the mailpiece and the postal revenue block and 

allows unambiguous authentication of the mail piece. 

The present invention relates generally to value printing 20 

systems and, more particularly, to value printing systems SUMMARY OF THE INVENTION 

wherein a printer is not dedicated to a metering module. . , . , . . , 

r 0 In accordance with the present invention an network- 

BACKGROUND OF THE INVENTION based open metering system is provided wherein some of the 

25 functionality typically performed in the vault of a conven- 

Postage metering systems are being developed which tional postage meter has been removed from the vault of the 

employ digital printers to print encrypted information on a network-based open metering system and is performed in 

mailpiece. Such metering systems are presently categorized server and client PCs in the network. It has been discovered 

by the USPS as either closed systems or open systems. In a that this transfer of functionality from the vault to the PCs 

closed system, the system functionality is solely dedicated to 3Q does not effect the security of the meter because the security 

metering activity. A closed system metering device includes of the network-based open metering system is in the infor- 

a dedicated printer securely coupled to a metering or mation being processed. 

accounting function. In a closed system, since the printer is the preS ent invention provides a network-based 
securely coupled and dedicated to the meter, printing cannot open me t erm g system that comprises a conventional net- 
take place without accounting. In an open metering system 3S work of a PC md a p i ur aHty of client PC's, special 
the system functionality is not dedicated solely to metering Windows-based software in the server PC and each of client 
activity. An open system metering device includes a printer PC > S( a p i ug _ m peripheral as a vault to store postage 
that is not dedicated to the metering activity, thus freeing ^nds. The network-based meter uses the client PC's and 
system functionality for multiple and diverse uses in addi- meir n0 n-secure and nondedicated printers to print postage 
tion to the metering activity. An open system metering 4Q 0 n envelopes and labels at the same time it prints a recipient 
device is a postage evidencing device (PED) with a non- address. The present invention provides access to an meter- 
dedicated printer that is not securely coupled to a secure i ng system by multiple users that are geographically 
accounting module. separated, for example at different offices within a building. 

Typically, the postage value for a mailpiece is encrypted jh e preS ent invention provides a network-based open 

together with other data to generate a digital token which is 45 mete r system, which consists of a personal computer (PC) 

then used to generate postage indicia that is printed on the network, a digital printer operatively connected to each PC 

mailpiece. A digital token is encrypted information that in the network, a removable electronic vault operatively 

authenticates the information imprinted on a mailpiece connected to the server PC, an optional modem for funds 

including postal value. Examples of systems for generating recharge (debit or credit), PC software modules in the form 

and using digital tokens are described in U.S. Pat. No. 50 0 f a Dynamic Link Library (DLL) and a user interface 

4,757,537, 4,831,555, 4,775,246, 4,873,645 and 4,725,718, module in each PC. The vault is a secure encryption device 

the entire disclosures of which are hereby incorporated by f or digital token generation, funds management and tradi- 

reference. These systems employ an encryption algorithm to tional accounting functions. The DLL module in the client 

encrypt selected information to generate at least one digital initiates all communications with the DLL in the server PC 

token for each mailpiece. The encryption of the information 55 which communicates with the vault, and provides an open 

provides security to prevent altering of the printed informa- interface to Windows-based applications. Secure communi- 

tion in a manner such that any misuse of the tokens is ca tion between the client PC and the vault is desired but is 

detectable by appropriate verification procedures. DO t necessary for system security. The DLL module in the 

Typical information which may be encrypted as part of a server PC obtains from the vault transaction records com- 

digital token includes origination postal code, vendor 60 prising digital tokens issued by the vault and associated 

identification, data identifying the PED, piece count, postage postal data and sends the transaction record to the client PC 

amount, date, and, for an open system, destination postal which then generates an electronic indicia image. The usage 

code. These items of information, collectively referred to as of postal funds and the transaction record are stored in the 

Postal Data, when encrypted with a secret key and printed on vault. Another copy of the usage of postal funds and the 

a mail piece provide a very high level of security which 65 transaction record may be stored on the server and client 

enables the detection of any attempted modification of a hard drives as backup. The user interface module obtains the 

postal revenue block or a destination postal code. A postal electronic indicia image from the DLL module for printing 
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the postal revenue block on a document, such as an enve- 20 is a secure encryption device for postage funds 

lope. The user interface also communicates with the vault management, digital token generation and traditional 

via the DLL in the server PC for remote refills and for accounting functions. Server 10 may also include an 

performing administrative functions. optional modem 29 which is located in PC 12, preferably, or 

The present invention further provides open system net- 5 in card 30. Modem 29 may be used for communicating with 

work metering that includes security to prevent tampering a Postal Service or a P ostaI authenticating vendor for 

and false evidence of postage payment as well 4as the ability recharging funds (debit or credit). A description of such 

to do batch processing of envelopes, review of indicia and communication by modem is described in U.S. Pat. No. 

addressing on envelope before printing. 4,831,555, incorporated herein by reference. In an alternate 

10 embodiment the modem may be located in PCMCIA card 

DESCRIPTION OF THE DRAWINGS 30. 

™ . . u . t A , etU , Each of the PC's 12 includes a Windows-based PC 

THe above . and other objects and advantages of the present 34 ^ 

l^'n^^^ conventional Windows-based word processing, database 
lowing detailed description taken in conjunction with 1S ^ application programs3 6. PC software mod- 
accompanying ^inwbdi ike .reference characters £ a dynamic link library (DLL) 40, a user 
refer to like parts throughout, and in which. Mc ^ fa ^ and a ? J^ y q£ s V modu i e s 

FIG. 1 is a block diagram of a PC-Network metering ^ control thc metering functions. In server 10, DLL 

system in accordance with the present invention; module 40 securely communicates with vault 20 and clients 

FIG. 2 is a schematic block diagram of the PC-Network 20 n, j n client 11, DLL module 40' securely communicates 

metering system of FIG. 1 including a removable vault card with server 10. DLL 40, in server 10 and client 11, provides 

in a server PC and a DLL in each of the PC's; an open interface to Microsoft Windows-based application 

FIG. 3 is a schematic block diagram of the client and programs 36 through user interface module 42. DLL module 

server PC's in the PC-Network metering system of FIG. 1 40 also securely stores transaction records reflecting the 

including interaction with the vault to generate indicia 25 usage of postal funds of vault 20. User interface module 42 

bitmap; provides application programs 36 access to an electronic 

FIG.' 4. (4A-4B)' is a block diagram of the DLL sub- mdicia ima ge from DLL module 40 for printing the postal 

modules in the PC-Network metering system of FIG. 1; revenue block oa a document, such as an envelope or label. 

, . a , . r . ~ ^ ... User interface module 42 also provides application pro- 

FIG. 5 is a flow chart of the Secure Communications 7n . .... , jsh j * _/ 

. j i • l rw-. kt i ■ . r t-t^ -i 30 grams the capabdity to initiate remote refills and to perform 

sub-module in the PC-Network metering system of FIG. 1; j ■ • , *• £ *• 

° J administrative functions. 

FIG. 6 is a flow chart of the Transaction Capture sub- ™ . , . . . ~ 

• » . . r*/^ vt i t ■ * i Thus, network-based metering system 1 operates as a 

module in the PC- Network metering system ot FIG. 1; . . . . f . *T i ■ « 

& J conventional network, except that a client or network printer 

FIG. 7 is an representation of indicia printed by the prints postage upon user request. Printers 18 print all docu- 

PC-Network metering system of FIG. 1; 35 ments normally printed 5y a per sonal computer, including 

FIG. 8 is a flow chart of the client requesting an indicia printing letters and addressing envelopes, and in accordance 

in the PC-Network metering system of FIG. 1; and with the present invention, prints postage indicia. Network- 

FIG. 9 is a flow diagram of the server responding to a based meter system 1 uses server 10 to issue postage and one 

request for an indicia in the PC-Network metering system of of the printers to print the issued postage on envelopes at the 

FIG. 1. 40 same time it prints a recipient's address or to print labels for 

pre-addressed return envelopes or large mailpieces. It will be 

DETAILED DESCRIPTION OF THE PRESENT understood that although the preferred embodiment of the 

INVENTION present invention is described as a postage metering system, 

In describing the present invention, reference is made to 4S *° P resent invention is applicable to any value metering 

the drawings, wherein there is seen in FIGS. 1-3 an open svstem that mcludes faction evidencing. It will also be 

system network-based postage meter, also referred to herein understood that the present invention could also be used in 

as a network-based metering system, generally referred to as a network m whlch a network P rmter * su ? h . 35 * e 

1, comprising a server 10 and a plurality of clients 11. Server P rinter > is used to P™t envelopes with mdicia, when local 

10 is configured to operate as a host to a removable metering 50 P nnters « not available to some or a11 of the chent PC s * 

device or electronic vault, generally referred to as 20, in A description of the key components of network-based 

which postage funds are stored. metering system 1 are described below followed by a 

In the following description and in the drawings, compo- description of the preferred operation of network-based 

nents common to server 10 and clients 11 are distinguished, metering system 1. 

when necessary, by referring to the client components with 55 y au j t 
a prime designation. When the component functionality is 

common to both server and client PC's the description does In the preferred embodiment of the present invention, the 
not distinguish between server and client. vault is housed in a PCMCIA I/O device, or card, which is 
The server 10 and clients 11 include the following com- accessed through a PCMCIA controller 32 in server 10. A 
mon components: a personal computer (PC) 12, a display 60 PCMCIA card is a credit card size peripheral or adapter that 
14, a keyboard 16, and an unsecured digital printer 18, conforms to the standard specification of the personal Corn- 
preferably a laser or ink-jet printer. Each PC 12 includes a puter Memory Card International Association, 
conventional processor 22, such as the 80486 and Pentium Referring now to FIGS. 2 and 3, the PCMCIA card 
processors manufactured by Intel, and conventional hard includes a microprocessor 44, non-volatile memory (NVM) 
drive 24, floppy drive(s) 26, and memory 28. Server 10 65 46, clock 48, an encryption module 50 and an accounting 
includes an electronic vault 20, which is housed in a module 52. The encryption module 50 may implement the 
removable card, such as PCMCIA card 30. Electronic vault NBS Data Encryption Standard (DES) or another suitable 
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encryption scheme. In the preferred embodiment, encryption 
module 50 is a software module. It will be understood that 
encryption module 50 could also be a separate device, such 
as a separate chip connected to microprocessor 44. Account- 
ing module 52 may be EEPROM that incorporates ascend- 
ing and descending registers as well as postal data, such as 
origination ZIP Code, vendor identification, data identifying 
server PC 12, sequential piece count of the postal revenue 
block generated by the network-based metering system 1, 
postage amount and the date of submission to the Postal 
Service. As is known, an ascending register in a metering 
unit records the amount of postage that has been dispensed, 
i.e., issued by the vault, in all transactions and the descend- 
ing register records the value, i.e., amount of postage 
remaining in the vault, which value decreases as postage is 
issued. 

The hardware design of the vault includes an interface 56 
that communicates with the server host processor 22 through 
PCMCIA controller 32. Preferably, for added physical 
security, the components of vault 20 that perform the 
encryption and store the encryption keys (microprocessor 
44, ROM 47 and NVM 46) are packaged in the same 
integrated circuit device/chip that is manufactured to be 
tamper proof. Such packaging ensures that the contents of 
NVM 46 may be read only by the encryption processor and 
are not accessible outside of the integrated circuit device. 
Alternatively, the entire card could be manufactured to be 
tamper proof. 

In accordance with the present invention, the open system 
vault 20 is strictly a slave device in PC 12 of server 10. 
Server host processor 22 generates a command and vault 20 
replies with a response. Vault 20 does not generate unsolic- 
ited messages. Thus, server PC 12 requests vault status 
whenever any transaction is initiated. A further description 
of vault 20 is disclosed in the related U.S. patent application 
Ser. No. 08/575,112, previously noted, which is incorporated 
herein in its entirety by reference. Dynamic Link Library 
Control of the Vault and Network Communications 

In accordance with the present invention, the functionality 
of DLL's 40 and 40' in server and client PC's, respectively, 
is a key component of network-based metering 1. DLL 40 
includes both executable code and data storage area 41 that 
is resident in hard drive 24 of PC 12. In a Windows 
environment, a vast majority of applications programs 36, 
such as word processing and spreadsheet programs, com- 
municate with one another using one or more dynamic link 
libraries. The present invention encapsulates all the pro- 
cesses involved in metering, and provides an open interface 
to vault 20 from all Windows-based applications capable of 
using a dynamic link library. In accordance with the present 
invention, any client application program 36' can commu- 
nicate with vault microprocessor 44 in PCMCIA card 
through DLL 40' and server PC 12. 

In accordance with the present invention, DLL 40 
includes the following software sub -modules: secure com- 
munications 80, transaction captures 82, secure indicia 
image creation and storage 84, and application interface 
module 86. 

Secure Communications 

Since vault 20 is not physically secured to server PC 12, 
it may be possible for that one vault 20 attached to server PC 
12 is replaced with another vault 20 while a vault transaction 
is in process. The Secure Communications sub -module 80 
prevents this from happening by maintaining secure com- 
munication between server DLL 40 and vault 20. Secure 



Communications sub-module 80 in server 11 identifies a 
specific vault 20 when it opens a communication session 
through PCMCIA controller 32, and maintains communica- 
tion data integrity with the specific vault during the entire 

5 communication session. Similarly, when a communication 
session is initiated between client 11 and a server 10, Secure 
Communications sub-module 80 maintains communication 
data integrity between the client 11 and server 10. Refering 
now to FIG. 5, when a communication session is initiated, 
between server DLL 40 and vault 20, or between client U 
and server 10, a session key is negotiated at step 100. All the 
messages thereafter are encoded/decoded using the session 
key which is used for only the one particular communication 
session. Whenever the session key changes during the 
communication session, the communication session termi- 

15 nates and an error message is sent to the user at step 106. The 
use of session keys is described in Applied Cryptography by 
Bruce Schneier, published by John Wiley and Sons, Inc., 
1994. Thus, the session key not only provides secure 
encrypted communication during a token request and issue, 

20 but also prevents another vault (PCMCIA card 30) from 
replacing the vault 20 that began a communication session, 
because the other vault does not have the session key 
negotiated at the beginning of the communication session. 
The secure communications between server 10 and client U 

25 ensures that only the client requesting a token can receive 
the token. Secure Communications sub-module 80 in server 
11 also controls secure communications with the postal data 
center, for example, during refills of the accounting registers 
in vault 20. 

30 Transaction Captures 

Conventional postage meters store transactions in the 
meter. In accordance with the present invention, Transaction 
Capture sub-module 82 in server 10 captures each transac- 

35 tion record received from vault 20 and records the transac- 
tion record in DLL 40 and in DLL storage area 41 on hard 
drive 24. When server 10 sends the transaction record to 
client U, Transaction Capture sub-module 82' in client U 
captures the transaction record and records the transaction 

40 record in DLL 40' and in DLL storage area 41' on hard drive 
24'. Referring now to FIG. 6, from the moment that a 
communication session is established, between server DLL 
40 and vault 20, or between client 11 and server 10, 
respective Transaction Capture submodules 82 and 82' 

45 monitor message traffic at step 120, selectively capture each 
transaction record for token generations and refills, and store 
such transaction records in respective DLLs 40 and 40' at 
step 124 and in an invisible and write-protected files 83 and 
83' in DLL storage areas 41 and 41' at step 126. The 

50 information stored for each transaction record includes, for 
example, vault serial number, date, piece count, postage, 
postal funds available (descending register), tokens, desti- 
nation postal code and the block check character. A prede- 
termined number of the most recent records initiated can be 

55 stored in this manner by indexing files 83 and 83' accord- 
ingly. In the preferred embodiment files 83 and 83' are 
indexed according to piece count but may searched accord- 
ing to addressee information. Server file 83 represents the 
mirror image of vault 20 at the time of the transaction except 

60 for the encryption keys and configuration parameters. Client 
file 83' may represent a subset of the image of vault 20 at the 
time of the transaction because each client 11 stores trans- 
action records of transactions initiated by such client. Stor- 
ing transaction records on hard drive 24 provides backup 

65 capability which is described below. 

A description of a digital token generation process is 
disclosed for a PC-meter system in the related U.S. Patent 
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Applications Serial Nos. [Attorney Dockets E-416, E-415 received, Secure Communications sub-module 80 requests 

and E-419], which are incorporated herein in their entirety tokens from vault 20, at step 162. At step 164, Secure 

by reference. The digital token generation process for Communications sub-module 80 checks for a transaction 

network-based metering system 1 is the same as described in record, including digital token, from vault 20. If a transac- 

the related applications except that a client application 5 tion record is not received in response to the request from 

program 36' sends a request for digital token to vault 20 server 10, an error is processed, at step 166, resulting in an 

through client DLL 40* and server DLL 40 as shown in FIG. error message to client 11. If a transaction record is received, 

3. The generated token is sent to the client DLL 40' through then, at step 168, the transaction record is stored in DLL 40 

the server DLL 40 for use in generating an indicia. In the and DLL storage area 41. At step 170, Secure Communica- 

present invention, when a request for token is sent from a 10 tions sub-module 80 sends the postal data received as in the 

client to server 10, all postal information that is needed to transaction record, including token and piece count, to client 

calculate the token as well as parameters identifying the 11. 

client, such as user ID, password and client PC The request for indicia most likely will originate from a 
identification, must accompany the request since multiple c ij ent u but could originate from server 10. When server 10 
clients may be requesting tokens simultaneously. 15 originates a request for indicia server 10 functions as a 
. .. . . ^ , „ PC-based meter as described U.S. patent application Ser. 
Indicia Image Creation and Storage No 08 /575,112, previously noted, which is hereby incorpo- 
In a closed metering system, such as conventional postage rated in its entirety by reference, 
meters, the indicia is secure because the indicia printer is . . 
dedicated to the meter activity and is physically secured to 20 Application Interface 
the accounting portion of the meter, typically in a tamper- The Application Interface sub -module 86, in server 10 or 
proof manner. In an open metering system, such as the client 11, provides the following services when requested by 
present invention, such physical security is not present. an application program 36 in PC 12. Application program 36 
In accordance with the present invention, the entire fixed accepts user data through user interface module 42 and 
graphics image 90 of the indicia 92, shown in FIG. 7 is prints indicia on an envelope or on a label. In the preferred 
stored as compressed data 94 in DLL storage area 41. Postal embodiment of the present invention, such application pro- 
data information, including piece count 93a, vendor ID 936, gram 36 would be an off-the-shelf software module, such as 
postage amount 93c, serial number 93d, date 93e and a word processor or spreadsheet, that can access DLL 40. Id 
origination ZIP 93/ and tokens 93g are combined with the 3Q an alternate embodiment application program 36 could be a 
fixed graphics image 90 by Indicia Image Creation and software module dedicated solely to accept user data and 
Storage sub-module 84. print indicia on an envelope or on a label. Application 
Referring now to FIGS. 3 and 8, a request for indicia is Interface sub-module 86 provides the destination ZIP data 
made, at step 142, from application program 36' in client 11 and associated postal data needed to create the indicia, 
to server 10. At step 144, Secure Communications sub- 35 Application Interface sub-module 86 requests available 
module 80' in client 11 checks for a response from server 10, postage from vault 20 and reports the available postage to 
When a response is received, Indicia Image Creation and me requesting application program 36. 
Storage sub -module 84* checks, at step 146, the response for When vault 20 is refilled with postage funds from the data 
postal data, including at least one digital token. If the postal center, Application Interface sub -module 86 requests from 
data has not been sent with the response, at step 148, an error 40 vault 20 the access code required for refills and reports the 
condition is processed that results in a message to the user. access code received to the Secure Communications sub- 
If the response from server 10 included the expected postal module 80 which initiates communications with the data 
data, at step 150, Indicia Image Creation and Storage center. Application Interface sub-module 86 initiates the 
sub -module 84* generates a bit -mapped indicia image 96 by refill and provides the amount and combination to vault 20. 
expanding the compressed fixed graphics image data 94, at 45 DLL 40 reports the result to the requesting application 
step 152, and combining, at step 154, the indicia's fixed program 36 which acknowledges the refill to the user, 
graphics image 90 with some or all of the postal data Application Interface sub-module 86 processes a request 
information and tokens received from vault 20. At step 156, for indicia received from application program 36 and for- 
the indicia image is stored in DLL 40' for printing. Sub- wards the request to Indicia Image Creation and Storage 
module 84' sends to the requesting application program 36' 50 sub-module 84. Application Interface sub-module 86 pro- 
in client PC 12' the created bit-mapped indicia image 96 that vides postal data, including date, postage, and a destination 
is ready for printing, and then stores a transaction record postal code, such as an 11 digit ZIP code, to Indicia Image 
comprising the digital tokens and associated postal data in Creation and Storage sub-module 84 which then generates a 
DLL storage area 41\ bit-mapped indicia image 96. Application Interface sub- 
Thus, the bit-mapped indicia image 96 is stored in DLL 55 module 86 reports to application program 36 that the bit- 
40' which can only be accessed by executable code in DLL mapped indicia image 96 is ready for printing. 
40'. Furthermore, only the executable code of DLL 40' can 

access the fixed graphics image 90 of the indicia to generate Backup On Hard Drive 
bit-mapped indicia image 96. This prevents accidental modi- Vault 20 must be a secure device because it contains the 
fication of the indicia because it would be very difficult for 6 o accounting information of the amount of postage remaining 
a normal user to access, intentionally or otherwise, the fixed m the vault and the postage printed. However, the very 
graphics image 90 of the indicia and the bit-mapped indicia nature of the security makes it hard to recover postal funds 
image 96. m the event a malfunction occurs and the vault cannot be 
Referring now to FIGS. 3 and 9, when the request for accessed by normal operation. The present invention 
indicia is made, from application program 36', Secure Com- 65 enhances the reliability of a PC meter system by using the 
munications sub-module 80 in server 10 checks for the hard disks of server 10 and clients 11 to backup the account- 
request from client 11, at step 160. When the request is ing information of the vault. As previously described, the 
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transaction capture sub-modules 82 and 82' store transaction At this point the user can print the envelope as shown or 

files as backup files on hard drives 24 and 24'. This provides correct any errors that are seen in the preview, 

a benefit that certain functions, such as account As previously described, in network-based metering sys- 

reconciliation, can be performed even when vault 20 mal- tern 1 the printers are not dedicated to the metering function 

functions. Such backup is unavailable in conventional post- 5 aI1£ j the indicia are stored in PC 12 before printing. Thus, 

age meters. tokens can be generated individually or for a batch of 

For further security, the backup transaction files can be addressees stored in the requesting client 11 which can later 
encrypted before being stored on hard drives 24 and 24' to generate indicia from each of the tokens and then print the 
prevent tampering. The number of transactions that are indicia at the user's discretion. Such delayed printing and 
maintained on hard drives 24 and 24' is limited only by the 10 batch processing is described in more detail in co-pending 
available storage space on the hard drives. Preferably, at U.S. patent application Ser. No. 08/575,104, previously 
least all transactions since the last refill would be maintained noted, which is incorporated herein in its entirety by refer- 
on server 10 as backup. ence. 

A detailed description of recovery from vault malfunction As with any document prepared in a Windows-based PC 

is disclosed in co-pending U.S. patent application Ser. No. 15 system, a user may observe, through the application program 

08/574,743, previously noted, which is incorporated herein 36 in which an envelope was created, an image of a fully 

in its entirety by reference. prepared envelope or batch of envelopes to be printed, 

including addressee information and indicia, before printing 

Operation of the PC Meter any of the envelopes> Network-based metering system 1 also 

Generally, the first action by a user after powering up a 20 provides a user with the ability to customize return 

conventional meter is setting the time and date of the meter. addresses, slogans, logos and greetings that are to be printed 

Setting the date is necessary to generate derived keys which with the indicia on the envelope. 

are used to generate the digital tokens. (Some recent meters In an alternate embodiment of network-based metering 

have a real time clock internal to the meter in which case the ^ system 1, the electronic vault is in an IC token, such as 

time and date need only be set once.) The present invention manufactured by CDSM of Phoenix, Ariz., that is inserted 

spares the user from having to set the vault date. into a token receptacle of a PCMCIA card and programmed 

As previously described, vault 20 does not have an to operate as the vault in a similar manner as described for 

independent power source and therefore cannot have a PCMCIA card 30. In another alternate embodiment, the 

continuous running real-time clock. The date must be set 3Q electronic vault is in a smart diskette, such as manufactured 

every time the vault is powered-up. Power is applied to vault by SmartDisc Security Corp. of Naples, Florida, that is 

20 only when it is plugged into server PC 12. Thus, the date programmed to operate in a similar manner as described for 

would normally be entered by the user through server PC 12 PCMCIA card 30. In another alternate embodiment of 

each time vault 20 is plugged into PCMCIA controller 32. network-based metering system 1, the electronic vault is a 

Since server PC 12 has a real-time clock, the date setting 35 tamper proof, hardware peripheral, such as a dongle, that is 

process may be automated and made transparent to the user. attached to a serial, parallel or SCSI port of the PC. 

In accordance with the present invention, the time and date As used herein, the term personal computer is used 

set in server PC 12 is sent to vault 20 each time power is genetically and refers to present and future microprocessing 

initially applied to vault 20. The vault date is used by DLLs systems with at least one processor operatively coupled to 

40 and 40' to generate the indicia. The vault date may be 4Q user interface means, such as a display and keyboard, and 

changed at any time by the user to facilitate post-dating of storage media. The personal computer may be a workstation 

mail. that is accessible by more than one user. 

Upon application of power to vault 20 by PCMCIA While the present invention has been disclosed and 
controller 32, the date of server PC 12 is obtained through described with reference to a single embodiment thereof, it 
user interface 42. The date is then translated into the correct 45 will be apparent, as noted above that variations and modi- 
format and sent to vault 20 which then sets its date, fications may be made therein. It is, thus, intended in the 
calculates its date dependent token keys and returns its status following claims to cover each variation and modification 
and the token keys to server PC 12. Additionally, a default that falls within the true spirit and scope of the present 
postage amount (e.g. First Class Postage) may be set in a invention, 
similar manner. This method enables network-based meter- 50 What is claimed is: 

ing system 1 immediately when vault 20 is plugged into 1. A transaction evidencing system including a plurality of 

PCMCIA controller 32 without the user having to manually computer systems operatively configured to form a network 

set parameters. The user may change the vault date (in order with one of the computer systems functioning as a server and 

to post date mail) or the default postage amount at any time. the remaining computer systems functioning as clients, each 

In an alternate embodiment, PCMCIA card has its own 55 of the computer systems including processor, memory, stor- 

internal clock that is automatically set with the time and date age and user interface means, at least some of said storage 

in server PC 12 each time PCMCIA card is inserted into means including a plurality of non-metering application 

PCMCIA controller 32. programs that are selectively run on said client computer 

In the preferred operation, a user of an application pro- systems, at least one of said computer systems including an 

gram 36 (running in either client 11 or server 10), such as a 60 unsecured printer operatively coupled thereto for printing in 

word processor, highlights a recipient address from a letter accordance with said non-metering application programs, 

or mailing list displayed on display 14. The user requests the foe system comprising: 

printing of an envelope with indicia. A dialog box appears on a portable vault card that is removably coupled to said 

display 14 indicating the default postage amount which the server computer system, said vault card including digi- 

user may accept or modify. When the postage amount is 65 tal token generation means and transaction accounting 

accepted, the entire envelope is previewed with all means, said server computer system including means 

addressing, bar-coding and indicia shown on the envelope. for removably coupling said vault card to said PC; 
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vault interface means for effecting communications 
between said portable vault means and said non- 
metering application program and for performing 
metering functions other than metering functions per- 
formed in said portable vault means, said vault inter- 
face means comprising: 

an application interface module in said client computer 
systems for interfacing with said non -metering appli- 
cation program; 



10. The transaction evidencing system of claim 1, wherein 
said vault interface means are part of dynamic link library 
modules in said computer systems. 

11. The transaction evidencing system of claim 1, wherein 
said vault card is a PCMCIA card. 

12. A method of implementing a transaction evidencing 
system on a computer network comprising a plurality of 
computer systems operatively configured to form the com- 
puter network with one of the computer systems functioning 



a communications module in said server computer to as a server and the remaining computer systems functioning 



system for communicating with said portable vault 
means; 

an indicia image creation and storage module in said 
client computer systems for generating indicia bit- 
maps and storing said indicia bitmaps in said storage is 
means; and 

a transaction capture module for storing storage means 
transaction records generated in said portable vault 
means. 

2. The transaction evidencing system of claim 1 wherein 20 
said application interface module issues a request for at least 
one digital token in response to a request for indicia from 
said non-metering application program, said request for 
digital token including predetermined information required 
by said token generation means, said communications mod- 25 
ule sends said request for digital token and said predeter- 
mined information to said portable vault means and receives 
from said portable vault means a transaction record includ- 
ing a digital token generated by said token generation 
means, said indicia image creation and storage module 3° 
generates an indicia bitmap from said digital token and 
stores said indicia bit map, said transaction capture module 
stores said transaction record said application interface 
module provides said indicia bitmap to said non-metering 
application program. 35 

3. The transaction evidencing system of claim 2 wherein 
said transaction capture module in said server and client 
computer systems. 

4. The transaction evidencing system of claim 2 wherein 
said indicia bitmap generating means generates a postage 
indicia bitmap by combining indicia graphics stored in said 
storage means of said requesting client computer system 
with said digital token and said predetermined information. 

5. The transaction evidencing system of claim 2, wherein 
a batch of digital tokens may be generated in the vault card 
and stored in a requesting one of said client computer 
systems before any indicia bitmaps corresponding to said 
batch of digital tokens are generated. 

6. The transaction evidencing system of claim 2, wherein 
said transaction record is encrypted before being stored in 
said storage means of said server computer system. 

7. The transaction evidencing system of claim 2, wherein 
said vault interface means provides said indicia bitmap to 
said one of said non-metering application programs for 
viewing an image of said indicia bitmap on a display 
coupled to said requesting client computer system before 
printing said indicia bitmap. 

8. The transaction evidencing system of claim 1, wherein 
a plurality of consecutive ones of said transaction records 
are stored in said storage means of said server computer 
system as backup to information stored in said vault card. 

9. The transaction evidencing system of claim 1 wherein 
said transaction capture module in said server computer 
system. 



40 



45 



50 



55 



as clients, the method comprising the steps of: 
providing a portable vault that is operatively coupled to 
the server, said vault operating as a secure accounting 
module of the transaction evidencing system; 
requesting indicia in one of the clients for a particular 
document being processed in a non-metering applica- 
tion program running in the requesting client; 
sending the request for indicia from the requesting client 
to the server with a predetermined set of information 
relating to the particular document; 
sending, in response to said request for indicia, a request 
for at least one digital token from the server to the 
portable vault with the predetermined set of informa- 
tion; 

issuing in said portable vault at least one digital token and 
sending the digital token as part of a transaction record 
to the server; 

storing the transaction record in the server; 

sending from the server to the requesting client the 
transaction record; 

storing the transaction record in the client; 

generating an indicia bitmap using the digital token and 
the predetermined set of information in the client; and 

providing the indicia bitmap to the non-metering appli- 
cation program when the non-metering application 
program is ready to print the indicia. 

13. The method of claim 12, comprising the further steps 

of: 

selecting in the non-metering application program recipi- 
ent address information for use in the application 
program; 

selecting in the non-metering application program an 
amount of postage to be printed on in the application 
program; 

including the recipient address information and the 
amount of postage as part of the predetermined set of 
information; and 

printing said recipient address and said indicia on an 
envelope. 

14. The method of claim 12, comprising the further step 

f: 

storing a plurality of transaction records in a file on a hard 
drive of the server, and indexing the transaction records 
according to piece count. 

15. The method of claim 12, comprising the further step 

of: 



of: 



60 



viewing on a display coupled to the requesting client 
computer system an image of at least a part of the 
particular document with the indicia shown thereon 
before printing the particular document. 
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